how do I log inbound traffic with a cisco 1721

Posted on 2004-10-13
Last Modified: 2012-05-05
We are getting an unusual amount of inbound traffic for about 7 hours per night and we would like to monitor where this traffic is coming from.  Is there a way to enable the 1721 to log the inbound traffic?
Question by:genekurtz
  • 2
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 12298115
You can enable netflow on the interfaces

interface serial 0/0
  ip route-cache flow

interface fast 0/0
  ip route-cache flow

Examining the flows will show you source/destination IP addresses and ports.
Exporting the flow to something like NTOP will give you a tremendous amount of information:

Or you can enable ip accounting on the serial interface. This will also give you a lot of information with "show ip account"

Expert Comment

ID: 12304648
you can also set an access control list on the external interface:

router#conf t
router(config)#access 100 permit tcp any any log
router(config)#access 100 permit udp any any log
router(config)#access 100 permit ip any any log
router(config)#int s0/0
router(config-int)#ip access group 100 in
router(config)#logging buffered
router(config)#buffer 4096
router#wr mem

you could then log back in and type "show log" to see the reslts.
If you really wanted to get special with it you could even restrict the time the access ist was active. Check Cisco's site for more in depth details.



Expert Comment

ID: 12328499
It's unclear from your statement if the data is also hitting the LAN or if the router is unable to route the traffic and is therefore dropping it.  If you're not sure either, try:

config t
int (LAN)
ip accounting output-packets

then perform a 'show ip accounting' before and after the window.  You'll be able to see if the traffic is being requested or sent to one of your LAN devices.  If not, the router is dropping it and you'll need something else... like a firewall would really help.

Expert Comment

ID: 12328501
I just realized this was for a 1721 (I was thinking 2500).  Sorry for the FW comment.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now